Bitcoin Ransomware Takes Down 100 Romanian Hospitals Offline, Hackers Demand 3.5BTC
We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. However, this potential compensation never influences our analysis, opinions, or reviews. Our editorial content is created independently of our marketing partnerships, and our ratings are based solely on our established evaluation criteria. Read More
Ad Disclosure
We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. Read more
More than 100 hospitals in Romania were affected by a crypto ransomware attack on Tuesday, the National Cyber Security Directorate (DNSC) confirmed. The unidentified perpetrators have demanded 3.5 Bitcoin (BTC), or about $180,000, to decrypt the data.
The ransomware took down over 100 hospitals, affecting their IT systems and encrypting data, forcing the hospitals to operate offline.
Romania's ongoing hospital ransomware attack is getting worse. Cyber security centre said last night that 21 hospitals have had computers encrypted. A chidren's hospital was the first to get hit but now it's spread. Computers in 79 other medical facilities have been unplugged pic.twitter.com/rdsX31VhFd
— Joe Tidy (@joetidy) February 13, 2024
Per a recent update from the DNSC, 25 hospitals in Romania using Hipocrate Information System (HIS) are directly affected by the attack. “As a result of the attack, the system is down, files and databases are encrypted,” the Ministry of Health noted.
“The incident is under investigation by IT specialists, including cyber security experts from the National Cyber Security Directorate, and resumption possibilities are being assessed,” the Ministry added. However, it did not specify whether the authorities are ready to pay the ransom in Bitcoin, as demanded by attackers.
Dubbed ‘Backmydata’, the ransomware is a variant of Phobos malware family, that are distributed via hacked Remote Desktop (RDP) connections. The ransom note informs victim about the severity of the situation by threatening to sell confidential data if negotiations fail. The note also asserts that data can be returned only when the ransom is paid in digital assets.
Furthermore, hospitals in Romania are told to keep an eye on ransom demands to ensure evidence is preserved.
Bitcoin Demands in Ransomware
This isn’t a new case where attackers have demanded Bitcoin ransom payment. The Backmydata has similarities with the infamous “WannaCry” attack in May 2017 on the UK’s National Health Service (NHS).
In 2021, Russian DarkSide Group attacked the US Colonial Pipeline, demanding a ransom of $5 million worth in crypto assets. Later, the US Department of Justice has recovered $2.3 million in Bitcoin from the DarkSide (approximately 63.7BTC at that time).
Additionally, a recent report from Chainalysis noted that ransomware payments hit a staggering $1 billion in 2023. Notable victims included household names like the BBC and British Airways, and other high-profile institutions.
- Trump Appoints PayPal Veteran David Sacks as ‘White House AI and Crypto Czar’
- What’s Happening in Crypto Today? Daily Crypto News Digest
- Trader Explains Why XRP Could Skyrocket to $100 After Tristan Tate X Post
- US SEC Scales Back 50-Member Crypto Enforcement Team: Report
- Michael Saylor Teases “Big Strategy Day,” Crypto Community Reacts






